Names | DreamBot | |
Category | Malware | |
Type | Banking trojan, Info stealer, Credential stealer, Botnet | |
Description | (Proofpoint) The Dreambot malware is still in active development and over the last few months we have seen multiple versions of it spreading in the wild. The Tor-enabled version of Dreambot has been active since at least July 2016, when we first observed the malware successfully download the Tor client and connect to the Tor network. Today, many Dreambot samples include this functionality, but few use it as their primary mode of communication with their command and control (C&C) infrastructure. However, in the future this feature may be utilized much more frequently, creating additional problems for defenders. | |
Information | <https://www.proofpoint.com/us/threat-insight/post/ursnif-variant-dreambot-adds-tor-functionality> <https://lokalhost.pl/gozi_tree.txt> | |
MITRE ATT&CK | <https://attack.mitre.org/software/S0386> | |
Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.dreambot> | |
AlienVault OTX | <https://otx.alienvault.com/browse/pulses?q=DreamBot> |
Last change to this tool card: 13 October 2023
Download this tool card in JSON format
Changed | Name | Country | Observed | ||
Unknown groups | |||||
_[ Interesting malware not linked to an actor yet ]_ |
1 group listed (0 APT, 0 other, 1 unknown)
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |